Closed demondogsports closed 2 years ago
When wafw00f was initially developed, it originally detected systems that were purely WAFs. Eventually people started adding detection systems that exhibited WAF behaviors but were not necessarily marketed as a WAF. Back then we took the decision to accept such contributions as it seemed useful for a tool that detects WAFs to know if there is anything that might block web-based attacks or not. I still think this is useful, and we don't claim to have the perfect definition of a WAF or have a puritan approach to this.
Cloudfront (AWS / Amazon) is technically a CDN (content delivery network). It can have a WAF in the mix, but is generally returning cached content from edge locations.
Elastic Load Balancers (AWS / Amazon) - some may be network load balancers operating at L3/L4. Application LB work at L7 and may have a WAF before, or after, or none.
This came up on a discussion in Discord where someone was confused about WAF. Thought I’d feedback.